Description:
A vulnerability was reported in Git. A remote authenticated user can obtain elevated privileges on the target system.

A remote authenticated user can supply specially crafted 'git-cvsserver' parameters to inject and execute arbitrary shell commands on the target system. The commands will run with 'git' user privileges.

The vendor was notified on September 8, 2017.

joernchen ~ Phenoelit reported this vulnerability.

Impact:
A remote authenticated user can execute arbitrary operating system commands with elevated privileges on the target system.